No personal information was compromised after two Saanich Peninsula municipal websites were held for ransom.
On March 22, both the Central Saanich and North Saanich district websites were hacked and Central Saanich received an email asking for money to have them released. Both websites are hosted on a server in Central Saanich, says North Saanich Chief Administrative Officer Rob Buchan.
The two websites are not linked, but are held on the same server, Buchan explained.
Nor are the websites linked to any internal municipal computer systems or servers, so no personal information of any resident in North Saanich was compromised in the hack, Buchan said. He said malware got into the server last week and encrypted both websites, preventing staff from accessing them.
“What we have on our websites is all public information,” he explained. “So, rather than give into (the hacker’s) demand, we decided to put up a temporary website and work on a new one.”
Buchan said the police have been notified of the hack.
“This is cyber crime.”
Corporal Dan Cottingham wit the Central Saanich Police Service said in a message to the PNR that they had not yet been notified of the incident. A call to the District of Central Saanich CAO Patrick Robbins has not yet been returned.
In a Facebook post, Central Saanich Mayor Ryan Windsor wrote that “the (server) equipment is owned by the District of North Saanich but is housed in Central Saanich as part of a longstanding partnership which is slated to conclude this year with the District launching a new site”
“The new Central Saanich website, hosted by an outfit which knows how to maintain the security of equipment it owns, will launch in the near future as work was almost complete on it before this incident occurred.”
North Saanich does have its temporary website running now. Buchan said the District had plans to update their website this year and this incident only moves the timeline up. He could not say at the time how much it will cost the municipality to do that.
Buchan credited District staff for acting so quickly to get the temporary website up this week.
In an email to the PNR, Sidney Chief Administrative Officer Randy Humble said the Town “has not experienced any similar attacks on our website or server. We have assessed our internal security procedures and we are satisfied we are not vulnerable to this type of attack. As an added safeguard, it is our policy to not comment in any detail about our network security measures.”